package cel
import "k8s.io/apiserver/pkg/authentication/cel"
Package cel contains the CEL related interfaces and structs for authentication.
Index ¶
- type CELMapper
- type ClaimMappingExpression
- func (v *ClaimMappingExpression) GetExpression() string
- func (v *ClaimMappingExpression) ReturnTypes() []*celgo.Type
- type ClaimValidationCondition
- func (v *ClaimValidationCondition) GetExpression() string
- func (v *ClaimValidationCondition) ReturnTypes() []*celgo.Type
- type ClaimsMapper
- type CompilationResult
- type Compiler
- type EvaluationResult
- type ExpressionAccessor
- type ExtraMappingExpression
- func (v *ExtraMappingExpression) GetExpression() string
- func (v *ExtraMappingExpression) ReturnTypes() []*celgo.Type
- type UserMapper
- type UserValidationCondition
Types ¶
type CELMapper ¶
type CELMapper struct {
Username ClaimsMapper
Groups ClaimsMapper
UID ClaimsMapper
Extra ClaimsMapper
ClaimValidationRules ClaimsMapper
UserValidationRules UserMapper
}
CELMapper is a struct that holds the compiled expressions for username, groups, uid, extra, claimValidation and userValidation
type ClaimMappingExpression ¶
type ClaimMappingExpression struct {
Expression string
}
ClaimMappingExpression is a CEL expression that maps a claim.
func (*ClaimMappingExpression) GetExpression ¶
func (v *ClaimMappingExpression) GetExpression() string
GetExpression returns the CEL expression.
func (*ClaimMappingExpression) ReturnTypes ¶
func (v *ClaimMappingExpression) ReturnTypes() []*celgo.Type
ReturnTypes returns the CEL expression return types.
type ClaimValidationCondition ¶
ClaimValidationCondition is a CEL expression that validates a claim.
func (*ClaimValidationCondition) GetExpression ¶
func (v *ClaimValidationCondition) GetExpression() string
GetExpression returns the CEL expression.
func (*ClaimValidationCondition) ReturnTypes ¶
func (v *ClaimValidationCondition) ReturnTypes() []*celgo.Type
ReturnTypes returns the CEL expression return types.
type ClaimsMapper ¶
type ClaimsMapper interface {
// EvalClaimMapping evaluates the given claim mapping expression and returns a EvaluationResult.
// This is used for username, groups and uid claim mapping that contains a single expression.
EvalClaimMapping(ctx context.Context, claims *unstructured.Unstructured) (EvaluationResult, error)
// EvalClaimMappings evaluates the given expressions and returns a list of EvaluationResult.
// This is used for extra claim mapping and claim validation that contains a list of expressions.
EvalClaimMappings(ctx context.Context, claims *unstructured.Unstructured) ([]EvaluationResult, error)
}
ClaimsMapper provides a CEL expression mapper configured with the claims CEL variable.
func NewClaimsMapper ¶
func NewClaimsMapper(compilationResults []CompilationResult) ClaimsMapper
NewClaimsMapper returns a new ClaimsMapper.
type CompilationResult ¶
type CompilationResult struct {
Program celgo.Program
AST *celgo.Ast
ExpressionAccessor ExpressionAccessor
}
CompilationResult represents a compiled validations expression.
type Compiler ¶
type Compiler interface {
CompileClaimsExpression(expressionAccessor ExpressionAccessor) (CompilationResult, error)
CompileUserExpression(expressionAccessor ExpressionAccessor) (CompilationResult, error)
}
Compiler provides a CEL expression compiler configured with the desired authentication related CEL variables.
func NewCompiler ¶
func NewCompiler(env *environment.EnvSet) Compiler
NewCompiler returns a new Compiler.
func NewDefaultCompiler ¶
func NewDefaultCompiler() Compiler
NewDefaultCompiler returns a new Compiler following the default compatibility version. Note: the compiler construction depends on feature gates and the compatibility version to be initialized.
type EvaluationResult ¶
type EvaluationResult struct {
EvalResult ref.Val
ExpressionAccessor ExpressionAccessor
}
EvaluationResult contains the minimal required fields and metadata of a cel evaluation
type ExpressionAccessor ¶
ExpressionAccessor is an interface that provides access to a CEL expression.
type ExtraMappingExpression ¶
ExtraMappingExpression is a CEL expression that maps an extra to a list of values.
func (*ExtraMappingExpression) GetExpression ¶
func (v *ExtraMappingExpression) GetExpression() string
GetExpression returns the CEL expression.
func (*ExtraMappingExpression) ReturnTypes ¶
func (v *ExtraMappingExpression) ReturnTypes() []*celgo.Type
ReturnTypes returns the CEL expression return types.
type UserMapper ¶
type UserMapper interface {
// EvalUser evaluates the given user expressions and returns a list of EvaluationResult.
// This is used for user validation that contains a list of expressions.
EvalUser(ctx context.Context, userInfo *unstructured.Unstructured) ([]EvaluationResult, error)
}
UserMapper provides a CEL expression mapper configured with the user CEL variable.
func NewUserMapper ¶
func NewUserMapper(compilationResults []CompilationResult) UserMapper
NewUserMapper returns a new UserMapper.
type UserValidationCondition ¶
UserValidationCondition is a CEL expression that validates a User.
func (*UserValidationCondition) GetExpression ¶
func (v *UserValidationCondition) GetExpression() string
GetExpression returns the CEL expression.
func (*UserValidationCondition) ReturnTypes ¶
func (v *UserValidationCondition) ReturnTypes() []*celgo.Type
ReturnTypes returns the CEL expression return types.
Source Files ¶
compile.go interface.go mapper.go
- Version
- v0.33.0 (latest)
- Published
- Apr 23, 2025
- Platform
- linux/amd64
- Imports
- 8 packages
- Last checked
- 1 hour ago –
Tools for package owners.